A problem with GSS-API (kdc = SEAM by SUN): GSSException Failure unspecified at GSS-API level (Mechanism level: Integrity check on decrypted field failed (31)) - GSSException: Defective token detected (Mechanism level: AP_REP token id does not ma

Andreas Schmid letoatreides11 at freenet.de
Thu Nov 25 11:39:04 EST 2004


Hi!

All this GSS-API stuff does not work in Java 1.5.
It seems to be a big bug.

In Java 1.4 all works fine!


alexmunoz at uniandes.edu.co (Don Alex) wrote in message news:<55ce270.0411141412.179b355f at posting.google.com>...
> Hi doc!!!!:
>  
> I am running the Sample with tutorial "Use of JAAS Login Utility and
> Java GSS-API for Secure Messages without JAAS programming"
> KDC is a SEAM in Solaris 9
> JDK 1.5
> The code is SampleClient.java and SampleServer.java without relevant
> modifications
>  
> If anyone has any ideas I'm all ears.
>  
> Don Alex
>  
>  
> SERVER:
> Waiting for incoming connection...
> Got connection from client /157.253.50.59
> Will read input token of size 517 for processing by acceptSecContext
> Debug is  true storeKey true useTicketCache false useKeyTab false
> doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config
> is false principal is null tryFirstPass is false useFirstPass is false
> storePass is false clearPass is false
> Kerberos username [root]: alexmunoz/utria.uniandes.edu.co
> Kerberos password for alexmunoz/utria.uniandes.edu.co: al
>                 [Krb5LoginModule] user entered username:
> alexmunoz/utria.uniandes.edu.co
>  
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 3 1 16.
> principal is alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO
> Acquire TGT using AS Exchange
> EncryptionKey: keyType=3 keyBytes (hex dump)=0000: B9 86 13 75 13 2C
> AB F1
> EncryptionKey: keyType=1 keyBytes (hex dump)=0000: B9 86 13 75 13 2C
> AB F1
> EncryptionKey: keyType=16 keyBytes (hex dump)=0000: AD 58 02 92 1A 5E
> B9 C2   BA 6D B0 64 0B 70 AE 1F  .X...^...m.d.p..
> 0010: 6D 98 C8 16 68 A4 16 19   
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 3 1 16.
> >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
> >>> KrbAsReq calling createMessage
> >>> KrbAsReq in createMessage
> >>> KrbKdcReq send: kdc=utria.uniandes.edu.co UDP:88, timeout=30000,
>  number of retries =3, #bytes=257
> >>> KDCCommunication: kdc=utria.uniandes.edu.co UDP:88,
>  timeout=30000,Attempt =1, #bytes=257
> >>> KrbKdcReq send: #bytes read=563
> >>> KrbKdcReq send: #bytes read=563
> >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
> >>> KrbAsRep cons in KrbAsReq.getReply alexmunoz/utria.uniandes.edu.co
> Added server's keyKerberos Principal
> alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.COKey Version 0key
> EncryptionKey: keyType=3 keyBytes (hex dump)=
> 0000: B9 86 13 75 13 2C AB F1   
>  
>                 [Krb5LoginModule] added Krb5Principal 
> alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO to Subject
> Added server's keyKerberos Principal
> alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.COKey Version 0key
> EncryptionKey: keyType=1 keyBytes (hex dump)=
> 0000: B9 86 13 75 13 2C AB F1   
>  
>                 [Krb5LoginModule] added Krb5Principal 
> alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO to Subject
> Added server's keyKerberos Principal
> alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.COKey Version 0key
> EncryptionKey: keyType=16 keyBytes (hex dump)=
> 0000: AD 58 02 92 1A 5E B9 C2   BA 6D B0 64 0B 70 AE 1F 
> .X...^...m.d.p..
> 0010: 6D 98 C8 16 68 A4 16 19   
>  
>                 [Krb5LoginModule] added Krb5Principal 
> alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO to Subject
> Commit Succeeded 
>  
> Found key for alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO(3)
> Found key for alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO(16)
> Found key for alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO(1)
> Entered Krb5Context.acceptSecContext with state=STATE_NEW
> >>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
> >>>crc32: b2075a55
> >>>crc32: 10110010000001110101101001010101
> GSSException Failure unspecified at GSS-API level (Mechanism level:
> Integrity check on decrypted field failed (31))
> GSSException: Failure unspecified at GSS-API level (Mechanism level:
> Integrity check on decrypted field failed (31))
>         at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:730)
>         at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
>         at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
>         at SampleServer.main(SampleServer.java:117)
> Caused by: KrbException: Integrity check on decrypted field failed
> (31)
>         at sun.security.krb5.internal.crypto.t.b(DashoA12275:154)
>         at sun.security.krb5.internal.crypto.s.b(DashoA12275:77)
>         at sun.security.krb5.EncryptedData.decrypt(DashoA12275:157)
>         at sun.security.krb5.KrbApReq.a(DashoA12275:266)
>         at sun.security.krb5.KrbApReq.<init>(DashoA12275:134)
>         at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
>         at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:715)
>         ... 3 more
> GSSException Failure unspecified at GSS-API level (Mechanism level:
> Integrity check on decrypted field failed (31))
> Will send token of size 517 from acceptSecContext.
> Exception in thread "main" java.io.EOFException
>         at java.io.DataInputStream.readInt(DataInputStream.java:358)
>         at SampleServer.main(SampleServer.java:111)
> 
> 
> 
>  
> CLIENT:
> Connected to server utria.uniandes.edu.co/157.253.50.59
> Debug is  true storeKey false useTicketCache false useKeyTab false
> doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config
> is false principal is null tryFirstPass is false useFirstPass is false
> storePass is false clearPass is false
> Kerberos username [root]: alexmunoz/utria.uniandes.edu.co
> Kerberos password for alexmunoz/utria.uniandes.edu.co: al
>                 [Krb5LoginModule] user entered username:
> alexmunoz/utria.uniandes.edu.co
>  
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 3 1 16.
> principal is alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO
> Acquire TGT using AS Exchange
> EncryptionKey: keyType=3 keyBytes (hex dump)=0000: B9 86 13 75 13 2C
> AB F1
> EncryptionKey: keyType=1 keyBytes (hex dump)=0000: B9 86 13 75 13 2C
> AB F1
> EncryptionKey: keyType=16 keyBytes (hex dump)=0000: AD 58 02 92 1A 5E
> B9 C2   BA 6D B0 64 0B 70 AE 1F  .X...^...m.d.p..
> 0010: 6D 98 C8 16 68 A4 16 19   
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 3 1 16.
> >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
> >>> KrbAsReq calling createMessage
> >>> KrbAsReq in createMessage
> >>> KrbKdcReq send: kdc=utria.uniandes.edu.co UDP:88, timeout=30000,
>  number of retries =3, #bytes=257
> >>> KDCCommunication: kdc=utria.uniandes.edu.co UDP:88,
>  timeout=30000,Attempt =1, #bytes=257
> >>> KrbKdcReq send: #bytes read=563
> >>> KrbKdcReq send: #bytes read=563
> >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
> >>> KrbAsRep cons in KrbAsReq.getReply alexmunoz/utria.uniandes.edu.co
> Commit Succeeded 
>  
> Found ticket for alexmunoz/utria.uniandes.edu.co at UNIANDES.EDU.CO to go
> to krbtgt/UNIANDES.EDU.CO at UNIANDES.EDU.CO expiring on Sun Nov 14
> 22:00:17 COT 2004
> Entered Krb5Context.initSecContext with state=STATE_NEW
> Service ticket not found in the subject
> >>> Credentials acquireServiceCreds: same realm
> Using builtin default etypes for default_tgs_enctypes
> default etypes for default_tgs_enctypes: 3 1 16.
> >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
> >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
> >>> KrbKdcReq send: kdc=utria.uniandes.edu.co UDP:88, timeout=30000,
>  number of retries =3, #bytes=619
> >>> KDCCommunication: kdc=utria.uniandes.edu.co UDP:88,
>  timeout=30000,Attempt =1, #bytes=619
> >>> KrbKdcReq send: #bytes read=557
> >>> KrbKdcReq send: #bytes read=557
> >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
> >>> KrbApReq: APOptions are 00100000 00000000 00000000 00000000
> >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
> Krb5Context setting mySeqNumber to: -1456
> Created InitSecContextToken:
> Will send token of size 517 from initSecContext.
> Will read input token of size 517 for processing by initSecContext
> Entered Krb5Context.initSecContext with state=STATE_IN_PROCESS
> Exception in thread "main" GSSException: Defective token detected
> (Mechanism level: AP_REP token id does not match!)
>         at sun.security.jgss.krb5.AcceptSecContextToken.<init>(AcceptSecContextToken.java:65)
>         at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:640)
>         at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:213)
>         at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:158)
>         at SampleClient.main(SampleClient.java:144)

